Bug 778455 (SOA-933)

Summary: Console security not documented in the Getting Started Guide
Product: [JBoss] JBoss Enterprise SOA Platform 4 Reporter: Julian Coleman <jcoleman>
Component: Documentation Assignee: Dana Mison <dmison>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.3 IR5   
Target Milestone: ---   
Target Release: 4.3 CP01   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-933
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
N/A
Last Closed: 2009-02-24 16:05:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---

Description Julian Coleman 2008-10-10 12:26:38 UTC
Date of First Response: 2008-10-14 04:17:48
project_key: SOA

It is not possible to access the consoles by default, without editing the soa-users.properties
file.  This should be documented in the Getting Started Guide.  I suggest the following text
is appended to section 2.2 (Starting JBoss Enterprise SOA Platform), but before the note
about headless=true in SOA-906:

  Access to the server consoles is controlled by the `soa-users.properties' and
  `soa-roles.properties' files in the `jboss-as/server/<profile-name>/conf/props' directory,
  where `<profile-name>' is the name of the profile (e.g. `production' or `default').  By
  default, no users are allowed access to the consoles.  As a minimum, you should
  uncomment the `admin=admin' line in the `soa-users.properties' file, which will allow
  access to the consoles with username `admin' and password `admin'.

Comment 1 Dana Mison 2008-10-14 08:17:48 UTC
Content added to Getting Started Guide:

2.2.1. Enabling Access to the Server Consoles
Access to the server consoles is disabled in the default configuration.
To grant access you need to edit the files soa-users.properties and soa-roles.properties.
These files are located in the conf/props directory of the server profile that you wish to allow access
for.

soa-users.properties contains a list of users and their passwords in plain text. The format is
username=password.

soa-roles.properties contains a list of users and the server roles that are assigned to them. The
format is username=role1,role2,role3 where there can be any number of roles.

These user and role details do not correspond to any other account details, such as an operating
system user account. You can arbitrarily create user accounts here.

Procedure 2.6. Enabling Access to the Server Consoles
1. You need to add the required username and password to soa-users.properties, or enable
     the user admin by uncommenting that line. If you enable the admin user you should also change
     its password.
         #admin=admin
         harold=@dm1nU53r
     Example 2.3. A new user added in soa-users.properties

2.   You also must add that user to the soa-roles.properties file. The roles the user must be
     assigned to for Server Console access are JBossAdmin, HttpInvoker, user and admin.
         #admin=JBossAdmin,HttpInvoker,user,admin
         harold=JBossAdmin,HttpInvoker,user,admin
     Example 2.4. Assigning user roles in soa-roles.properties
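
An added example, not part of the bug report or the Getting Started Guide: a small Python audit of the two files described in Comment 1. It flags enabled accounts whose password equals the username (such as an uncommented admin=admin), users lacking the four console roles, role entries with no matching user, and a world-readable users file. The sample contents are constructed, and the parser is a simplification that handles only plain key=value lines, not the full Java properties syntax.

```python
import os
import stat

# Roles Procedure 2.6 lists as required for Server Console access.
REQUIRED_ROLES = {"JBossAdmin", "HttpInvoker", "user", "admin"}

def parse_props(text):
    """Return active key=value entries; lines starting with '#' are disabled."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries

def audit(users_text, roles_text):
    """Return sorted findings for the contents of the two properties files."""
    users = parse_props(users_text)
    roles = {u: {r.strip() for r in v.split(",") if r.strip()}
             for u, v in parse_props(roles_text).items()}
    findings = []
    for user, password in users.items():
        if password == user:
            findings.append(f"{user}: password equals username")
        missing = REQUIRED_ROLES - roles.get(user, set())
        if missing:
            findings.append(f"{user}: missing console roles {sorted(missing)}")
    for user in roles.keys() - users.keys():
        findings.append(f"{user}: has roles but no entry in soa-users.properties")
    return sorted(findings)

def world_readable(path):
    """True if 'other' can read the file, which holds plain-text passwords."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

# Constructed sample contents (not taken from a real installation).
SAMPLE_USERS = "admin=admin\nharold=@dm1nU53r\nguest=s3cret\n"
SAMPLE_ROLES = ("#admin=JBossAdmin,HttpInvoker,user,admin\n"
                "harold=JBossAdmin,HttpInvoker,user,admin\n"
                "guest=user\nolduser=admin\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_ROLES):
        print(finding)
```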


Comment 2 Len DiMaggio 2009-02-24 16:05:25 UTC
Verified in the doc here:  https://svn.corp.jboss.com/repos/soa/branches/4.3/build-tools/docs/esb/